Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4006-1 advisory.

    cobbler:

    - Security issues fixed:

      * CVE-2024-47533: Prevent privilege escalation from none to admin (bsc#1231332)

    - Other bugs fixed:

      * Increase start timeout for cobblerd unit (bsc#1219450)
      * Provide sync_single_system for DHCP modules to improve performance (bsc#1219450)
      * Add input_string_*, input_boolean, input_int functions to public API
      * Add new setting for Uyuni authentication endpoint (bsc#1219887)

    grafana-formula:

    - Version 0.11.0
      * Add SLES 15 SP6 to supported versions (bsc#1228286)

    inter-server-sync:

    - Version 0.3.5-0
      * Decode boolean values for export (bsc#1228545)

    saltboot-formula:

    - Update to version 0.1.1723628891.ffb1da5
      * Rework request stop function to avoid unnecessary warnings         (bsc#1212985)

    spacecmd:

    - Version 4.3.29-0
      * Speed up softwarechannel_removepackages (bsc#1227606)

    spacewalk-backend:

    - Version 4.3.30-0
      * Make ISSv1 timezone independent (bsc#1221505)
      * reposync: introduce timeout when syncing DEB channels (bsc#1225960)
      * yum_src: use proper name variable name for subprocess.TimeoutExpired
      * Check and populate PTF attributes at the time of importing         packages (bsc#1225619)
      * reposync: import GPG keys to RPM DB individually (bsc#1217003)
      * Add log string to the journal when services are stopped         because of insufficient disk space

    spacewalk-certs-tools:

    - Version 4.3.26-0
      * Fix private key format in jabberd certificate file (bsc#1228851)
      * Fix parsing Authority Key Identifier when keyid is not prefixed (bsc#1229079)
      * Support multiple certificates for root-ca-file and server-cert-file

    spacewalk-client-tools:

    - Version 4.3.21-0
      * Update translation strings

    spacewalk-config:

    - Version 4.3.14-0
      * Trust the Content-Length header from AJP (bsc#1226439)

    spacewalk-java:

    - Version 4.3.82-0
      * Limit frontend-log message size (bsc#1231900)
    - Version 4.3.81-0
      * Add detection of Ubuntu 24.04
    - Version 4.3.80-0
      * Use custom select instead of errata view for better performance         (bsc#1225619)
    - Version 4.3.79-0
      * Add info URL for cobbler to clean the system profile (bsc#1219645)
      * Require correct scap packages for Ubuntu
      * Require correct scap packages for Debian 12 (bsc#1227746)
      * Fix finding system_checkin_threshold configuration value on Sytems         Overview page (bsc#1224108)
      * Allow changing base channel to SUSE Liberty Linux LTSS when the system is on         Liberty (bsc#1228326)
      * Implement product migration from RHEL and Clones to SUSE Liberty         Linux
      * Remove system also from proxy SSH known_hosts (bsc#1228345)
      * Fix NullPointerException when generating subscription matcher         input (bsc#1228638)
      * Allow free products and SUSE Manager Proxy being managed by SUSE Manager         Server PAYG
      * Open bootstrap script directory URL in a new page (bsc#1225603)
      * Delay package list refresh when Salt was updated (bsc#1217978)
      * Add SLE Micro 5 to the list of systems which support monitoring (bsc#1227334)
      * Add all SLE Micro systems to the list of systems which get PTF repositories
      * Update last sync refresh timestamp only when at least one time products         were synced before
      * Prevent NullPointerException when listing history events without completion         time (bsc#1146701)
      * Autoinstallation: prevent issues with duplicate IP address due to some         networks (bsc#1226461)
      * Improve SQL queries and performance to check for PTF packages (bsc#1225619)
      * Check the correct Salt package before product migration (bsc#1224209)
      * Fix the date format output when using the HTTP API to use ISO 8601         format (bsc#1227543)
      * Fix transactional update check for SL Micro (bsc#1227406)
      * Improve score comparison in system search to fix ISE (bsc#1228412)
      * Fix package profile update on CentOS 7 when yum-utils is not         installed (bsc#1227133)

    spacewalk-utils:

    - Version 4.3.22-0
      * Add repositories for Ubuntu 24.04 LTS
    - Version 4.3.21-0
      * Drop unsupported tool spacewalk-final-archive as it is broken         and may disclose sensitive information (bsc#1228945)

    spacewalk-web:

    - Security issues fixed:

      * Version 4.3.42-0         + CVE-2024-49503: Escape organization credentials username to           mitigate XSS vulnerability (bsc#1231922)
      * Version 4.3.41-0         + CVE-2024-49502: Validate proxy hostname format and escape proxy           username to mitigate XSS vulnerabilities (bsc#1231852)

    - Bugs fixed:

      * Version 4.3.40-0         + Fix channel selection using SSM (bsc#1226917)         + Fix datetime selection when using maintenance windows (bsc#1228036)

    susemanager:

    - Version 4.3.39-0
      * Enable bootstrapping for Ubuntu 24.04 LTS
    - Version 4.3.38-0
      * Add missing package python3-ply to bootstrap repo definition (bsc#1228130)
      * Create special bootstrap data for SUSE Manager Server 4.3 with LTSS         updates for Hub scenario (bsc#1211899)
      * Add LTSS updates to SUSE Manager Proxy 4.3 bootstrap data
      * Add traditional stack to boostrap repo on sles15sp6 (bsc#1228147)
      * Change package to libdbus-glib-1-2 on sle15sp6 (bsc#1228147)

    susemanager-build-keys:

    - Extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)

    susemanager-docs_en:

    - Documented Ubuntu 24.04 LTS as a supported client OS in Client
    - SUSE Manager 4.3.14 documentation update
    - In network ports section, deleted partially outdated image, added       port 443 for clients, and removed Cobbler only used internally       (bsc#1217338)
    - Added installer-updates.suse.com to the list of URLs in Installation       and Upgrade Guide (bsc#1229178)
    - Enhanced instructions about the permissions for the IAM role       in Public Cloud Guide
    - Fixed OS minor number in Client Configuration Guide (bsc#1218090)
    - Added warning about Package Hub (bsc#1221435)
    - Removed Verify Packages section from Package Management chapter       in Client Configuration Guide
    - Added note about usernames in PAM section in Administration Guide       (bsc#1227599)
    - Updated Content Lifecycle Management (CLM) examples for Red Hat       Enterprise Linux 9 (bsc#1226687)
    - Added VM based proxy installation in Installation and Upgrade Guide
    - Fixed PostgreSQL name entity
    - Improved Large Deployments Guide with better tuning values and       extra parameters added
    - Updated lists of SUSE Linux Enterprise hardening profiles in openSCAP       chapter in the Administration Guide

    susemanager-schema:

    - Version 4.3.27-0
      * Introduce new attributes to detect PTF packages (bsc#1225619)

    susemanager-sls:

    - Version 4.3.45-0
      * Start using DEB822 format for repository sources beginning with Ubuntu 24.04
    - Version 4.3.44-0
      * Speed-up mgrutil.remove_ssh_known_host runner (bsc#1223312)
      * Implement product migration from RHEL and clones to SUSE Liberty Linux
      * Disable transactional-update.timer on SLEM at bootstrap
      * Explicitly remove old venv-minion environment when updating Python versions
      * sumautil: properly detect bridge interfaces (bsc#1226461)
      * Fix typo on directories to clean up when deleting a system (bsc#1228101)
      * Translate GPG URL if it has server name and client behind proxy         (bsc#1223988)
      * Fix yum-utils package missing on CentOS7 minions (bsc#1227133)
      * Implement IMDSv2 for AWS instance detection (bsc#1226090)
      * Fix package profile update on CentOS 7 when yum-utils is not         installed (bsc#1227133)
      * Fix parsing passwords with special characters for PostgreSQL         exporter

    susemanager-sync-data:

    - Version 4.3.21-0
      * Add SLES15-SP5-LTSS channel families
      * Add MicroOS PPC channel family
    - Version 4.3.20-0
      * Add Ubuntu 24.04 support
    - Version 4.3.19-0
      * Fix CentOS 7 repo urls (bsc#1227526)
      * Add channel family for SLES 12 SP5 LTSS Extended Security
      * Implement product migration from RHEL and clones to SUSE Liberty Linux

    uyuni-common-libs:

    - Version 4.3.11-0
      * Enforce directory permissions at repo-sync when creating         directories (bsc#1229260)
      * Make ISSv1 timezone independent (bsc#1221505)

    uyuni-reportdb-schema:

    - Version 4.3.11-0
      * Change Errata CVE column to type text as a varchar reaches the         maximum (bsc#1226478)

    How to apply this update:

    1. Log in as root user to the SUSE Manager Server.
    2. Stop the Spacewalk service:
    `spacewalk-service stop`     3. Apply the patch using either zypper patch or YaST Online Update.
    4. Start the Spacewalk service:
    `spacewalk-service start`

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4007-1 advisory.

    release-notes-susemanager:

    - Update to SUSE Manager 4.3.14
      * Ubuntu 24.04 support as client
      * Product migration from RHEL and Clones to SUSE Liberty Linux
      * POS image templates now produce compressed images
      * Date format for API endpoints has been changed to ISO-8601 format
      * Security issues fixed:
        CVE-2024-47533, CVE-2024-49502, CVE-2024-49503
      * Bugs mentioned:
        bsc#1146701, bsc#1211899, bsc#1212985, bsc#1217003, bsc#1217338         bsc#1217978, bsc#1218090, bsc#1219450, bsc#1219645, bsc#1219887         bsc#1221435, bsc#1221505, bsc#1223312, bsc#1223988, bsc#1224108         bsc#1224209, bsc#1225603, bsc#1225619, bsc#1225960, bsc#1226090         bsc#1226439, bsc#1226461, bsc#1226478, bsc#1226687, bsc#1226917         bsc#1227133, bsc#1227334, bsc#1227406, bsc#1227526, bsc#1227543         bsc#1227599, bsc#1227606, bsc#1227746, bsc#1228036, bsc#1228101         bsc#1228130, bsc#1228147, bsc#1228286, bsc#1228326, bsc#1228345         bsc#1228412, bsc#1228545, bsc#1228638, bsc#1228851, bsc#1228945         bsc#1229079, bsc#1229178, bsc#1229260, bsc#1229339, bsc#1231332         bsc#1231852, bsc#1231922, bsc#1231900

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0370-1 advisory.

    Update to 3.3.7

    * Security: Fix issue that allowed anyone to connect to the API       as admin (CVE-2024-47533, boo#1231332)
    * bind - Fix bug that prevents cname entries from being       generated successfully
    * Fix build on RHEL9 based distributions (fence-agents-all split)
    * Fix for Windows systems
    * Docs: Add missing dependencies for source installation
    * Fix issue that prevented systems from being synced when the       profile was edited

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0382-1 advisory.

    Update to 3.3.7:

      * Security: Fix issue that allowed anyone to connect to the API         as admin (CVE-2024-47533, boo#1231332)

      * bind - Fix bug that prevents cname entries from being         generated successfully
      * Fix build on RHEL9 based distributions (fence-agents-all split)
      * Fix for Windows systems
      * Docs: Add missing dependencies for source installation
      * Fix issue that prevented systems from being synced when the         profile was edited

    Update to 3.3.6:

      * Upstream all openSUSE specific patches that were maintained in Git
      * Fix rename of items that had uppercase letters
      * Skip inconsistent collections instead of crashing the daemon

    - Update to 3.3.5:
      * Added collection indicies for UUID's, MAC's, IP addresses and hostnames         boo#1219933
      * Re-added to_dict() caching
      * Added lazy loading for the daemon (off by default)

    - Update to 3.3.4:

      * Added cobbler-tests-containers subpackage
      * Updated the distro_signatures.json database
      * The default name for grub2-efi changed to grubx64.efi to match         the DHCP template

    - Do generate boot menus even if no profiles or systems - only local boot
    - Avoid crashing running buildiso in certain conditions.
    - Fix settings migration schema to work while upgrading on existing running       Uyuni and SUSE Manager servers running with old Cobbler settings (boo#1203478)
    - Consider case of 'next_server' being a hostname during migration       of Cobbler collections.
    - Fix problem with 'proxy_url_ext' setting being None type.
    - Update v2 to v3 migration script to allow migration of collections       that contains settings from Cobbler 2. (boo#1203478)
    - Fix problem for the migration of 'autoinstall' collection attribute.
    - Fix failing Cobbler tests after upgrading to 3.3.3.
    - Fix regression: allow empty string as interface_type value (boo#1203478)
    - Avoid possible override of existing values during migration       of collections to 3.0.0 (boo#1206160)
    - Add missing code for previous patch file around boot_loaders migration.
    - Improve Cobbler performance with item cache and threadpool (boo#1205489)
    - Skip collections that are inconsistent instead of crashing (boo#1205749)
    - Items: Fix creation of 'default' NetworkInterface (boo#1206520)
    - S390X systems require their kernel options to have a linebreak at       79 characters (boo#1207595)
    - settings-migration-v1-to-v2.sh will now handle paths with whitespace       correct
    - Fix renaming Cobbler items (boo#1204900, boo#1209149)
    - Fix cobbler buildiso so that the artifact can be booted by EFI firmware.
      (boo#1206060)
    - Add input_string_*, input_boolean, input_int functiont to public API

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4f04edd1e7 advisory.

    Update to 3.3.7 - CVE-2024-47533


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a6f0ade1d3 advisory.

    Update to 3.3.7 - CVE-2024-47533


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-76d8603c78 advisory.

    Update to 3.3.7 - CVE-2024-47533


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
212581	SUSE SLES15 Security Update : SUSE Manager Proxy and Retail Branch Server 4.3 (SUSE-SU-2024:4006-1)	Nessus	SuSE Local Security Checks	medium
212528	SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2024:4007-1)	Nessus	SuSE Local Security Checks	medium
212497	openSUSE 15 Security Update : cobbler (openSUSE-SU-2024:0370-1)	Nessus	SuSE Local Security Checks	critical
212494	openSUSE 15 Security Update : cobbler (openSUSE-SU-2024:0382-1)	Nessus	SuSE Local Security Checks	critical
211835	Fedora 41 : cobbler (2024-4f04edd1e7)	Nessus	Fedora Local Security Checks	critical
211834	Fedora 39 : cobbler (2024-a6f0ade1d3)	Nessus	Fedora Local Security Checks	critical
211833	Fedora 40 : cobbler (2024-76d8603c78)	Nessus	Fedora Local Security Checks	critical

Detections

Analytics

CVE-2024-47533

critical

Tenable Plugins

medium

medium

critical

critical

critical

critical

critical